Vulnerabilities (CVE)


Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25154 1 Bbraun 2 Datamodule Compactplus, Spacecom 2022-04-21 5.8 MEDIUM 6.1 MEDIUM
An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG SpaceCom device Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to redirect users to malicious websites.
CVE-2022-27505 1 Citrix 24 Sd-wan 1000, Sd-wan 1000 Firmware, Sd-wan 110 and 21 more 2022-04-21 4.3 MEDIUM 6.1 MEDIUM
Reflected cross site scripting (XSS)
CVE-2020-25152 1 Bbraun 2 Datamodule Compactplus, Spacecom 2022-04-21 5.8 MEDIUM 8.1 HIGH
A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom administrative interface Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to hijack web sessions and escalate privileges.
CVE-2021-40398 1 Accusoft 1 Imagegear 2022-04-21 6.8 MEDIUM 7.8 HIGH
An out-of-bounds write vulnerability exists in the parse_raster_data functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-1351 1 Pimcore 1 Pimcore 2022-04-21 3.5 LOW 5.4 MEDIUM
Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4.
CVE-2022-23292 1 Microsoft 1 On-premises Data Gateway 2022-04-21 4.3 MEDIUM 3.1 LOW
Microsoft Power BI Spoofing Vulnerability.
CVE-2022-23268 1 Microsoft 2 Windows 11, Windows Server 2022 2022-04-21 2.1 LOW 6.5 MEDIUM
Windows Hyper-V Denial of Service Vulnerability.
CVE-2022-23259 1 Microsoft 1 Dynamics 365 2022-04-21 9.0 HIGH 8.8 HIGH
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability.
CVE-2022-23257 1 Microsoft 4 Windows 10, Windows 11, Windows Server 2016 and 1 more 2022-04-21 4.6 MEDIUM 8.8 HIGH
Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-22009, CVE-2022-24537.
CVE-2021-21956 1 Cloudlinux 1 Imunify360 2022-04-21 9.3 HIGH 7.8 HIGH
A PHP unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-24788 1 Vyper Project 1 Vyper 2022-04-21 7.5 HIGH 9.8 CRITICAL
Vyper is a Pythonic smart contract language for the Ethereum Virtual Machine. Versions of Vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2021-43154 1 Cmsmadesimple 1 Cms Made Simple 2022-04-21 4.3 MEDIUM 6.1 MEDIUM
A Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.
CVE-2022-27814 1 Waycrate 1 Swhkd 2022-04-21 2.1 LOW 3.3 LOW
SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option.
CVE-2020-25156 1 Bbraun 2 Datamodule Compactplus, Spacecom 2022-04-21 9.0 HIGH 7.2 HIGH
Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root.
CVE-2022-27817 1 Waycrate 1 Swhkd 2022-04-21 3.6 LOW 4.4 MEDIUM
SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality.
CVE-2020-25166 1 Bbraun 2 Datamodule Compactplus, Spacecom 2022-04-21 7.5 HIGH 7.1 HIGH
An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices.
CVE-2020-25164 1 Bbraun 2 Datamodule Compactplus, Spacecom 2022-04-21 5.0 MEDIUM 7.5 HIGH
A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface.
CVE-2020-25162 1 Bbraun 2 Datamodule Compactplus, Spacecom 2022-04-21 7.8 HIGH 7.5 HIGH
An XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges.
CVE-2022-24843 1 Gin-vue-admin Project 1 Gin-vue-admin 2022-04-21 5.0 MEDIUM 7.5 HIGH
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin 2.50 has an arbitrary file read vulnerability due to a lack of parameter validation. This has been resolved in version 2.5.1. There are no known workarounds for this issue.
CVE-2022-24847 1 Osgeo 1 Geoserver 2022-04-21 6.5 MEDIUM 7.2 HIGH
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attacker needs to have obtained admin rights and use either the GeoServer GUI or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. Users unable to upgrade should restrict access to `geoserver/web` and `geoserver/rest` via a firewall and ensure that the GeoWebCache is not remotely accessible.